<div dir="ltr"><p style="text-decoration-style:initial;text-decoration-color:initial;margin-top:0px;color:rgb(80,79,77);font-family:Lato,sans-serif;font-size:14px">Hello everyone,</p><p style="font-size:12.8px;text-decoration-style:initial;text-decoration-color:initial"><font color="#504f4d" face="Lato, sans-serif"><span style="font-size:14px">I am trying to verify a certificate with the</span></font><span style="color:rgb(80,79,77);font-family:Lato,sans-serif;font-size:14px"> </span><font color="#504f4d" face="Lato, sans-serif"><span style="font-size:14px">gnutls_x509_trust_list_<wbr>verify_crt()-function [1]. I can pass a list of trusted CAs with the “list”-parameter. <br></span></font><font color="#504f4d" face="Lato, sans-serif"><span style="font-size:14px">My problem is that I also have a list of intermediate CAs which I do not trust but should be used to build the certificate chain. Something like the chain-parameter in the OpenSSL function </span></font><a href="https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_init.html" rel="nofollow noopener" target="_blank" style="color:rgb(246,167,58);background:transparent;font-family:Lato,sans-serif;font-size:14px;text-decoration-line:none;word-wrap:break-word">X509_STORE_CTX_init</a><font color="#504f4d" face="Lato, sans-serif"><span style="font-size:14px">. <wbr> </span></font><font color="#504f4d" face="Lato, sans-serif"><span style="font-size:14px">According to the documentation I can pass the certificate chain including the certificate which should be verified </span></font><span style="font-size:14px;color:rgb(80,79,77);font-family:Lato,sans-serif">via the cert_list-parameter of the <span style="background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;float:none;display:inline">gnutls_x509_trust_list_<wbr>verify_crt()-function<span> . B</span></span></span><span style="color:rgb(80,79,77);font-family:Lato,sans-serif;font-size:14px">ut is there a possibility to build that chain with a list of untrusted intermediate CAs?</span></p><p style="text-decoration-style:initial;text-decoration-color:initial;color:rgb(80,79,77);font-family:Lato,sans-serif;font-size:14px">[1] <a href="https://www.gnutls.org/manual/gnutls.html#Verifying-X_002e509-certificate-paths" target="_blank" style="color:rgb(17,85,204)">https://www.gnutls.org/<wbr>manual/gnutls.html#Verifying-<wbr>X_002e509-certificate-paths</a><br></p><p style="text-decoration-style:initial;text-decoration-color:initial;color:rgb(80,79,77);font-family:Lato,sans-serif;font-size:14px">Thank you very much<br>ckmk14</p><br></div>